{
  "$schema": "https://backstage.io/schema/config-v1",
  "title": "Application Configuration Schema",
  "type": "object",
  "required": ["app", "backend", "costInsights", "sentry", "techdocs"],
  "properties": {
    "app": {
      "type": "object",
      "required": ["baseUrl"],
      "description": "Generic frontend configuration.",
      "properties": {
        "baseUrl": {
          "type": "string",
          "visibility": "frontend",
          "description": "The public absolute root URL that the frontend."
        },
        "title": {
          "type": "string",
          "visibility": "frontend",
          "description": "The title of the app."
        },
        "listen": {
          "type": "object",
          "description": "Listening configuration for local development",
          "properties": {
            "host": {
              "type": "string",
              "visibility": "frontend",
              "description": "The host that the frontend should be bound to. Only used for local development."
            },
            "port": {
              "type": "number",
              "visibility": "frontend",
              "description": "The port that the frontend should be bound to. Only used for local development."
            }
          }
        },
        "support": {
          "description": "Information about support of this Backstage instance and how to contact the integrator team.",
          "type": "object",
          "required": ["items", "url"],
          "properties": {
            "url": {
              "description": "The primary support url.",
              "visibility": "frontend",
              "type": "string"
            },
            "items": {
              "description": "A list of categorized support item groupings.",
              "type": "array",
              "items": {
                "type": "object",
                "required": ["links", "title"],
                "properties": {
                  "title": {
                    "description": "The title of the support item grouping.",
                    "visibility": "frontend",
                    "type": "string"
                  },
                  "icon": {
                    "description": "An optional icon for the support item grouping.",
                    "visibility": "frontend",
                    "type": "string"
                  },
                  "links": {
                    "description": "A list of support links for the Backstage instance.",
                    "type": "array",
                    "items": {
                      "type": "object",
                      "required": ["url"],
                      "properties": {
                        "url": {
                          "visibility": "frontend",
                          "type": "string"
                        },
                        "title": {
                          "visibility": "frontend",
                          "type": "string"
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    },
    "lighthouse": {
      "type": "object",
      "properties": {
        "baseUrl": {
          "type": "string",
          "visibility": "frontend"
        }
      }
    },
    "auth": {
      "type": "object",
      "description": "Configuration that provides information on available authentication providers configured for app",
      "properties": {
        "providers": {
          "type": "object",
          "description": "The available auth-provider options and attributes",
          "additionalProperties": {
            "type": "object",
            "visibility": "frontend"
          },
          "properties": {
            "google": {
              "type": "object",
              "additionalProperties": {
                "type": "object",
                "additionalProperties": {
                  "type": "string"
                }
              }
            },
            "github": {
              "type": "object",
              "additionalProperties": {
                "type": "object",
                "additionalProperties": {
                  "type": "string"
                }
              }
            },
            "gitlab": {
              "type": "object",
              "additionalProperties": {
                "type": "object",
                "additionalProperties": {
                  "type": "string"
                }
              }
            },
            "saml": {
              "type": "object",
              "required": ["entryPoint", "issuer"],
              "properties": {
                "entryPoint": {
                  "type": "string"
                },
                "logoutUrl": {
                  "type": "string"
                },
                "issuer": {
                  "type": "string"
                },
                "cert": {
                  "type": "string"
                },
                "privateKey": {
                  "type": "string"
                },
                "decryptionPvk": {
                  "type": "string"
                },
                "signatureAlgorithm": {
                  "enum": ["sha256", "sha512"],
                  "type": "string"
                },
                "digestAlgorithm": {
                  "type": "string"
                }
              }
            },
            "okta": {
              "type": "object",
              "additionalProperties": {
                "type": "object",
                "additionalProperties": {
                  "type": "string"
                }
              }
            },
            "oauth2": {
              "type": "object",
              "additionalProperties": {
                "type": "object",
                "required": [
                  "authorizationUrl",
                  "clientId",
                  "clientSecret",
                  "tokenUrl"
                ],
                "properties": {
                  "clientId": {
                    "type": "string"
                  },
                  "clientSecret": {
                    "type": "string"
                  },
                  "authorizationUrl": {
                    "type": "string"
                  },
                  "tokenUrl": {
                    "type": "string"
                  },
                  "scope": {
                    "type": "string"
                  }
                }
              }
            },
            "oidc": {
              "type": "object",
              "additionalProperties": {
                "type": "object",
                "additionalProperties": {
                  "type": "string"
                }
              }
            },
            "auth0": {
              "type": "object",
              "additionalProperties": {
                "type": "object",
                "additionalProperties": {
                  "type": "string"
                }
              }
            },
            "microsoft": {
              "type": "object",
              "additionalProperties": {
                "type": "object",
                "additionalProperties": {
                  "type": "string"
                }
              }
            },
            "onelogin": {
              "type": "object",
              "additionalProperties": {
                "type": "object",
                "additionalProperties": {
                  "type": "string"
                }
              }
            },
            "awsalb": {
              "type": "object",
              "required": ["region"],
              "properties": {
                "issuer": {
                  "type": "string"
                },
                "region": {
                  "type": "string"
                }
              }
            }
          }
        },
        "environment": {
          "description": "The 'environment' attribute added as an optional parameter to have configurable environment value for `auth.providers`.\ndefault value: 'development'\noptional values: 'development' | 'production'",
          "visibility": "frontend",
          "type": "string"
        },
        "session": {
          "type": "object",
          "properties": {
            "secret": {
              "description": "The secret attribute of session object.",
              "visibility": "secret",
              "type": "string"
            }
          }
        }
      }
    },
    "backend": {
      "type": "object",
      "required": ["baseUrl", "database", "listen"],
      "description": "Generic backend configuration.",
      "properties": {
        "baseUrl": {
          "type": "string",
          "description": "The public absolute root URL that the backend is reachable at.",
          "visibility": "frontend"
        },
        "listen": {
          "description": "Address that the backend should listen to.",
          "anyOf": [
            {
              "type": "object",
              "properties": {
                "address": {
                  "description": "Address of the interface that the backend should bind to.",
                  "type": "string"
                },
                "port": {
                  "description": "Port that the backend should listen to.",
                  "type": ["string", "number"]
                }
              }
            },
            {
              "type": "string"
            }
          ]
        },
        "https": {
          "description": "HTTPS configuration for the backend. If omitted the backend will serve HTTP.\n\nSetting this to `true` will cause self-signed certificates to be generated, which\ncan be useful for local development or other non-production scenarios.",
          "anyOf": [
            {
              "type": "object",
              "properties": {
                "certificate": {
                  "description": "Certificate configuration",
                  "type": "object",
                  "required": ["cert", "key"],
                  "properties": {
                    "cert": {
                      "description": "PEM encoded certificate. Use $file to load in a file",
                      "type": "string"
                    },
                    "key": {
                      "description": "PEM encoded certificate key. Use $file to load in a file.",
                      "visibility": "secret",
                      "type": "string"
                    }
                  }
                }
              }
            },
            {
              "enum": [true],
              "type": "boolean"
            }
          ]
        },
        "database": {
          "description": "Database connection configuration, select database type using the `client` field",
          "anyOf": [
            {
              "type": "object",
              "properties": {
                "client": {
                  "type": "string",
                  "enum": ["sqlite3", "better-sqlite3"]
                },
                "connection": {
                  "type": "string"
                }
              },
              "required": ["client", "connection"]
            },
            {
              "type": "object",
              "properties": {
                "client": {
                  "type": "string",
                  "enum": ["pg"]
                },
                "connection": {
                  "description": "PostgreSQL connection string or knex configuration object.",
                  "anyOf": [
                    {
                      "type": "object",
                      "properties": {},
                      "additionalProperties": true
                    },
                    {
                      "type": "string"
                    }
                  ]
                }
              },
              "required": ["client", "connection"]
            }
          ]
        },
        "cors": {
          "type": "object",
          "properties": {
            "origin": {
              "anyOf": [
                {
                  "type": "array",
                  "items": {
                    "type": "string"
                  }
                },
                {
                  "type": "string"
                }
              ]
            },
            "methods": {
              "anyOf": [
                {
                  "type": "array",
                  "items": {
                    "type": "string"
                  }
                },
                {
                  "type": "string"
                }
              ]
            },
            "allowedHeaders": {
              "anyOf": [
                {
                  "type": "array",
                  "items": {
                    "type": "string"
                  }
                },
                {
                  "type": "string"
                }
              ]
            },
            "exposedHeaders": {
              "anyOf": [
                {
                  "type": "array",
                  "items": {
                    "type": "string"
                  }
                },
                {
                  "type": "string"
                }
              ]
            },
            "credentials": {
              "type": "boolean"
            },
            "maxAge": {
              "type": "number"
            },
            "preflightContinue": {
              "type": "boolean"
            },
            "optionsSuccessStatus": {
              "type": "number"
            }
          }
        },
        "reading": {
          "description": "Configuration related to URL reading, used for example for reading catalog info\nfiles, scaffolder templates, and techdocs content.",
          "type": "object",
          "properties": {
            "allow": {
              "description": "A list of targets to allow outgoing requests to. Users will be able to make\nrequests on behalf of the backend to the targets that are allowed by this list.",
              "type": "array",
              "items": {
                "type": "object",
                "required": ["host"],
                "properties": {
                  "host": {
                    "description": "A host to allow outgoing requests to, being either a full host or\na subdomain wildcard pattern with a leading `*`. For example `example.com`\nand `*.example.com` are valid values, `prod.*.example.com` is not.\nThe host may also contain a port, for example `example.com:8080`.",
                    "type": "string"
                  }
                }
              }
            }
          }
        },
        "csp": {
          "description": "Content Security Policy options.\n\nThe keys are the plain policy ID, e.g. \"upgrade-insecure-requests\". The\nvalues are on the format that the helmet library expects them, as an\narray of strings. There is also the special value false, which means to\nremove the default value that Backstage puts in place for that policy.",
          "type": "object",
          "additionalProperties": {
            "anyOf": [
              {
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              {
                "enum": [false],
                "type": "boolean"
              }
            ]
          }
        }
      }
    },
    "organization": {
      "description": "Configuration that provides information about the organization that the app is for.",
      "type": "object",
      "properties": {
        "name": {
          "description": "The name of the organization that the app belongs to.",
          "visibility": "frontend",
          "type": "string"
        }
      }
    },
    "integrations": {
      "description": "Configuration for integrations towards various external repository provider systems",
      "type": "object",
      "properties": {
        "azure": {
          "description": "Integration configuration for Azure",
          "type": "array",
          "items": {
            "type": "object",
            "required": ["host"],
            "properties": {
              "host": {
                "description": "The hostname of the given Azure instance",
                "visibility": "frontend",
                "type": "string"
              },
              "token": {
                "description": "Token used to authenticate requests.",
                "visibility": "secret",
                "type": "string"
              }
            }
          }
        },
        "bitbucket": {
          "description": "Integration configuration for Bitbucket",
          "type": "array",
          "items": {
            "type": "object",
            "required": ["host"],
            "properties": {
              "host": {
                "description": "The hostname of the given Bitbucket instance",
                "visibility": "frontend",
                "type": "string"
              },
              "token": {
                "description": "Token used to authenticate requests.",
                "visibility": "secret",
                "type": "string"
              },
              "apiBaseUrl": {
                "description": "The base url for the Bitbucket API, for example https://api.bitbucket.org/2.0",
                "visibility": "frontend",
                "type": "string"
              },
              "username": {
                "description": "The username to use for authenticated requests.",
                "visibility": "secret",
                "type": "string"
              },
              "appPassword": {
                "description": "Bitbucket app password used to authenticate requests.",
                "visibility": "secret",
                "type": "string"
              }
            }
          }
        },
        "github": {
          "description": "Integration configuration for GitHub",
          "type": "array",
          "items": {
            "type": "object",
            "required": ["host"],
            "properties": {
              "host": {
                "description": "The hostname of the given GitHub instance",
                "visibility": "frontend",
                "type": "string"
              },
              "token": {
                "description": "Token used to authenticate requests.",
                "visibility": "secret",
                "type": "string"
              },
              "apiBaseUrl": {
                "description": "The base url for the GitHub API, for example https://api.github.com",
                "visibility": "frontend",
                "type": "string"
              },
              "rawBaseUrl": {
                "description": "The base url for GitHub raw resources, for example https://raw.githubusercontent.com",
                "visibility": "frontend",
                "type": "string"
              },
              "apps": {
                "description": "GitHub Apps configuration",
                "visibility": "backend",
                "type": "array",
                "items": {
                  "type": "object",
                  "required": [
                    "appId",
                    "clientId",
                    "clientSecret",
                    "privateKey",
                    "webhookSecret"
                  ],
                  "properties": {
                    "appId": {
                      "description": "The numeric GitHub App ID",
                      "type": "number"
                    },
                    "privateKey": {
                      "description": "The private key to use for auth against the app",
                      "visibility": "secret",
                      "type": "string"
                    },
                    "webhookSecret": {
                      "description": "The secret used for webhooks",
                      "visibility": "secret",
                      "type": "string"
                    },
                    "clientId": {
                      "description": "The client ID to use",
                      "type": "string"
                    },
                    "clientSecret": {
                      "description": "The client secret to use",
                      "visibility": "secret",
                      "type": "string"
                    }
                  }
                }
              }
            }
          }
        },
        "gitlab": {
          "description": "Integration configuration for GitLab",
          "type": "array",
          "items": {
            "type": "object",
            "required": ["host"],
            "properties": {
              "host": {
                "description": "The host of the target that this matches on, e.g. \"gitlab.com\".",
                "visibility": "frontend",
                "type": "string"
              },
              "apiBaseUrl": {
                "description": "The base URL of the API of this provider, e.g.\n\"https://gitlab.com/api/v4\", with no trailing slash.\n\nMay be omitted specifically for public GitLab; then it will be deduced.",
                "visibility": "frontend",
                "type": "string"
              },
              "token": {
                "description": "The authorization token to use for requests to this provider.\n\nIf no token is specified, anonymous access is used.",
                "visibility": "secret",
                "type": "string"
              },
              "baseUrl": {
                "description": "The baseUrl of this provider, e.g. \"https://gitlab.com\", which is\npassed into the GitLab client.\n\nIf no baseUrl is provided, it will default to https://${host}.",
                "visibility": "frontend",
                "type": "string"
              }
            }
          }
        }
      }
    },
    "catalog": {
      "description": "Configuration options for the catalog plugin.",
      "type": "object",
      "properties": {
        "rules": {
          "description": "Rules to apply to all catalog entities, from any location.\n\nAn undefined list of matchers means match all, an empty list of\nmatchers means match none.\n\nThis is commonly used to put in what amounts to an allowlist of kinds\nthat regular users of Backstage are permitted to register locations\nfor. This can be used to stop them from registering yaml files\ndescribing for example a Group entity called \"admin\" that they make\nthemselves members of, or similar.",
          "type": "array",
          "items": {
            "type": "object",
            "required": ["allow"],
            "properties": {
              "allow": {
                "description": "Allow entities of these particular kinds.\n\nE.g. [\"Component\", \"API\", \"Template\", \"Location\"]",
                "type": "array",
                "items": {
                  "type": "string"
                }
              }
            }
          }
        },
        "readonly": {
          "description": "Readonly defines whether the catalog allows writes after startup.\n\nSetting 'readonly=false' allows users to register their own components.\nThis is the default value.\n\nSetting 'readonly=true' configures catalog to only allow reads. This can\nbe used in combination with static locations to only serve operator\nprovided locations. Effectively this removes the ability to register new\ncomponents to a running backstage instance.",
          "type": "boolean"
        },
        "locations": {
          "description": "A set of static locations that the catalog shall always keep itself\nup-to-date with. This is commonly used for large, permanent integrations\nthat are defined by the Backstage operators at an organization, rather\nthan individual things that users register dynamically.\n\nThese have (optional) rules of their own. These override what the global\nrules above specify. This way, you can prevent everybody from register\ne.g. User and Group entities, except for one or a few static locations\nthat have those two kinds explicitly allowed.\n\nFor example:\n\n```yaml\nrules:\n  - allow: [Component, API, Template, Location]\nlocations:\n  - type: url\n    target: https://github.com/org/repo/blob/master/users.yaml\n    rules:\n      - allow: [User, Group]\n  - type: url\n    target: https://github.com/org/repo/blob/master/systems.yaml\n    rules:\n      - allow: [System]\n```",
          "type": "array",
          "items": {
            "type": "object",
            "required": ["target", "type"],
            "properties": {
              "type": {
                "description": "The type of location, e.g. \"url\".",
                "type": "string"
              },
              "target": {
                "description": "The target URL of the location, e.g.\n\"https://github.com/org/repo/blob/master/users.yaml\".",
                "type": "string"
              },
              "rules": {
                "description": "Optional extra rules that apply to this particular location.\n\nThese override the global rules above.",
                "type": "array",
                "items": {
                  "type": "object",
                  "required": ["allow"],
                  "properties": {
                    "allow": {
                      "description": "Allow entities of these particular kinds.\n\nE.g. [\"Group\", \"User\"]",
                      "type": "array",
                      "items": {
                        "type": "string"
                      }
                    }
                  }
                }
              }
            }
          }
        },
        "processors": {
          "description": "List of processor-specific options and attributes",
          "type": "object",
          "properties": {
            "ldapOrg": {
              "description": "LdapOrgReaderProcessor configuration",
              "type": "object",
              "required": ["providers"],
              "properties": {
                "providers": {
                  "description": "The configuration parameters for each single LDAP provider.",
                  "type": "array",
                  "items": {
                    "type": "object",
                    "required": ["groups", "target", "users"],
                    "properties": {
                      "target": {
                        "description": "The prefix of the target that this matches on, e.g.\n\"ldaps://ds.example.net\", with no trailing slash.",
                        "type": "string"
                      },
                      "bind": {
                        "description": "The settings to use for the bind command. If none are specified,\nthe bind command is not issued.",
                        "type": "object",
                        "required": ["dn", "secret"],
                        "properties": {
                          "dn": {
                            "description": "The DN of the user to auth as.\n\nE.g. \"uid=ldap-robot,ou=robots,ou=example,dc=example,dc=net\"",
                            "type": "string"
                          },
                          "secret": {
                            "description": "The secret of the user to auth as (its password).",
                            "visibility": "secret",
                            "type": "string"
                          }
                        }
                      },
                      "users": {
                        "description": "The settings that govern the reading and interpretation of users.",
                        "type": "object",
                        "required": ["dn", "options"],
                        "properties": {
                          "dn": {
                            "description": "The DN under which users are stored.\n\nE.g. \"ou=people,ou=example,dc=example,dc=net\"",
                            "type": "string"
                          },
                          "options": {
                            "description": "The search options to use. The default is scope \"one\" and\nattributes \"*\" and \"+\".\n\nIt is common to want to specify a filter, to narrow down the set\nof matching items.",
                            "type": "object",
                            "properties": {
                              "scope": {
                                "enum": ["base", "one", "sub"],
                                "type": "string"
                              },
                              "filter": {
                                "type": "string"
                              },
                              "attributes": {
                                "anyOf": [
                                  {
                                    "type": "array",
                                    "items": {
                                      "type": "string"
                                    }
                                  },
                                  {
                                    "type": "string"
                                  }
                                ]
                              },
                              "paged": {
                                "anyOf": [
                                  {
                                    "type": "object",
                                    "properties": {
                                      "pageSize": {
                                        "type": "number"
                                      },
                                      "pagePause": {
                                        "type": "boolean"
                                      }
                                    }
                                  },
                                  {
                                    "type": "boolean"
                                  }
                                ]
                              }
                            }
                          },
                          "set": {
                            "description": "JSON paths (on a.b.c form) and hard coded values to set on those\npaths.\n\nThis can be useful for example if you want to hard code a\nnamespace or similar on the generated entities.",
                            "type": "object"
                          },
                          "map": {
                            "description": "Mappings from well known entity fields, to LDAP attribute names",
                            "type": "object",
                            "properties": {
                              "rdn": {
                                "description": "The name of the attribute that holds the relative\ndistinguished name of each entry. Defaults to \"uid\".",
                                "type": "string"
                              },
                              "name": {
                                "description": "The name of the attribute that shall be used for the value of\nthe metadata.name field of the entity. Defaults to \"uid\".",
                                "type": "string"
                              },
                              "description": {
                                "description": "The name of the attribute that shall be used for the value of\nthe metadata.description field of the entity.",
                                "type": "string"
                              },
                              "displayName": {
                                "description": "The name of the attribute that shall be used for the value of\nthe spec.profile.displayName field of the entity. Defaults to\n\"cn\".",
                                "type": "string"
                              },
                              "email": {
                                "description": "The name of the attribute that shall be used for the value of\nthe spec.profile.email field of the entity. Defaults to\n\"mail\".",
                                "type": "string"
                              },
                              "picture": {
                                "description": "The name of the attribute that shall be used for the value of\nthe spec.profile.picture field of the entity.",
                                "type": "string"
                              },
                              "memberOf": {
                                "description": "The name of the attribute that shall be used for the values of\nthe spec.memberOf field of the entity. Defaults to \"memberOf\".",
                                "type": "string"
                              }
                            }
                          }
                        }
                      },
                      "groups": {
                        "description": "The settings that govern the reading and interpretation of groups.",
                        "type": "object",
                        "required": ["dn", "options"],
                        "properties": {
                          "dn": {
                            "description": "The DN under which groups are stored.\n\nE.g. \"ou=people,ou=example,dc=example,dc=net\"",
                            "type": "string"
                          },
                          "options": {
                            "description": "The search options to use. The default is scope \"one\" and\nattributes \"*\" and \"+\".\n\nIt is common to want to specify a filter, to narrow down the set\nof matching items.",
                            "type": "object",
                            "properties": {
                              "scope": {
                                "enum": ["base", "one", "sub"],
                                "type": "string"
                              },
                              "filter": {
                                "type": "string"
                              },
                              "attributes": {
                                "anyOf": [
                                  {
                                    "type": "array",
                                    "items": {
                                      "type": "string"
                                    }
                                  },
                                  {
                                    "type": "string"
                                  }
                                ]
                              },
                              "paged": {
                                "anyOf": [
                                  {
                                    "type": "object",
                                    "properties": {
                                      "pageSize": {
                                        "type": "number"
                                      },
                                      "pagePause": {
                                        "type": "boolean"
                                      }
                                    }
                                  },
                                  {
                                    "type": "boolean"
                                  }
                                ]
                              }
                            }
                          },
                          "set": {
                            "description": "JSON paths (on a.b.c form) and hard coded values to set on those\npaths.\n\nThis can be useful for example if you want to hard code a\nnamespace or similar on the generated entities.",
                            "type": "object"
                          },
                          "map": {
                            "description": "Mappings from well known entity fields, to LDAP attribute names",
                            "type": "object",
                            "properties": {
                              "rdn": {
                                "description": "The name of the attribute that holds the relative\ndistinguished name of each entry. Defaults to \"cn\".",
                                "type": "string"
                              },
                              "name": {
                                "description": "The name of the attribute that shall be used for the value of\nthe metadata.name field of the entity. Defaults to \"cn\".",
                                "type": "string"
                              },
                              "description": {
                                "description": "The name of the attribute that shall be used for the value of\nthe metadata.description field of the entity. Defaults to\n\"description\".",
                                "type": "string"
                              },
                              "type": {
                                "description": "The name of the attribute that shall be used for the value of\nthe spec.type field of the entity. Defaults to \"groupType\".",
                                "type": "string"
                              },
                              "displayName": {
                                "description": "The name of the attribute that shall be used for the value of\nthe spec.profile.displayName field of the entity. Defaults to\n\"cn\".",
                                "type": "string"
                              },
                              "email": {
                                "description": "The name of the attribute that shall be used for the value of\nthe spec.profile.email field of the entity.",
                                "type": "string"
                              },
                              "picture": {
                                "description": "The name of the attribute that shall be used for the value of\nthe spec.profile.picture field of the entity.",
                                "type": "string"
                              },
                              "memberOf": {
                                "description": "The name of the attribute that shall be used for the values of\nthe spec.parent field of the entity. Defaults to \"memberOf\".",
                                "type": "string"
                              },
                              "members": {
                                "description": "The name of the attribute that shall be used for the values of\nthe spec.children field of the entity. Defaults to \"member\".",
                                "type": "string"
                              }
                            }
                          }
                        }
                      }
                    }
                  }
                }
              }
            },
            "awsOrganization": {
              "description": "AwsOrganizationCloudAccountProcessor configuration",
              "type": "object",
              "required": ["provider"],
              "properties": {
                "provider": {
                  "type": "object",
                  "properties": {
                    "roleArn": {
                      "description": "The role to be assumed by this processor",
                      "type": "string"
                    }
                  }
                }
              }
            },
            "microsoftGraphOrg": {
              "description": "MicrosoftGraphOrgReaderProcessor configuration",
              "type": "object",
              "required": ["providers"],
              "properties": {
                "providers": {
                  "description": "The configuration parameters for each single Microsoft Graph provider.",
                  "type": "array",
                  "items": {
                    "type": "object",
                    "required": [
                      "clientId",
                      "clientSecret",
                      "target",
                      "tenantId"
                    ],
                    "properties": {
                      "target": {
                        "description": "The prefix of the target that this matches on, e.g.\n\"https://graph.microsoft.com/v1.0\", with no trailing slash.",
                        "type": "string"
                      },
                      "authority": {
                        "description": "The auth authority used.\n\nDefault value \"https://login.microsoftonline.com\"",
                        "type": "string"
                      },
                      "tenantId": {
                        "description": "The tenant whose org data we are interested in.",
                        "type": "string"
                      },
                      "clientId": {
                        "description": "The OAuth client ID to use for authenticating requests.",
                        "type": "string"
                      },
                      "clientSecret": {
                        "description": "The OAuth client secret to use for authenticating requests.",
                        "visibility": "secret",
                        "type": "string"
                      },
                      "userFilter": {
                        "description": "The filter to apply to extract users.\n\nE.g. \"accountEnabled eq true and userType eq 'member'\"",
                        "type": "string"
                      },
                      "groupFilter": {
                        "description": "The filter to apply to extract groups.\n\nE.g. \"securityEnabled eq false and mailEnabled eq true\"",
                        "type": "string"
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    },
    "costInsights": {
      "type": "object",
      "required": ["engineerCost", "products"],
      "properties": {
        "engineerCost": {
          "visibility": "frontend",
          "type": "number"
        },
        "products": {
          "type": "object",
          "additionalProperties": {
            "type": "object",
            "required": ["name"],
            "properties": {
              "name": {
                "visibility": "frontend",
                "type": "string"
              },
              "icon": {
                "visibility": "frontend",
                "enum": [
                  "compute",
                  "data",
                  "database",
                  "ml",
                  "search",
                  "storage"
                ],
                "type": "string"
              }
            }
          }
        },
        "metrics": {
          "type": "object",
          "additionalProperties": {
            "type": "object",
            "required": ["name"],
            "properties": {
              "name": {
                "visibility": "frontend",
                "type": "string"
              },
              "default": {
                "visibility": "frontend",
                "type": "boolean"
              }
            }
          }
        }
      }
    },
    "fossa": {
      "type": "object",
      "required": ["organizationId"],
      "properties": {
        "organizationId": {
          "description": "The organization id in fossa.",
          "visibility": "frontend",
          "type": "string"
        }
      }
    },
    "kubernetes": {
      "type": "object",
      "required": ["clusterLocatorMethods", "serviceLocatorMethod"],
      "properties": {
        "serviceLocatorMethod": {
          "type": "object",
          "required": ["type"],
          "visibility": "frontend",
          "properties": {
            "type": {
              "type": "string",
              "enum": ["multiTenant"],
              "visibility": "frontend"
            }
          }
        },
        "clusterLocatorMethods": {
          "type": "array",
          "visibility": "frontend"
        },
        "customResources": {
          "type": "array",
          "visibility": "frontend"
        }
      }
    },
    "kafka": {
      "type": "object",
      "required": ["clientId", "clusters"],
      "properties": {
        "clientId": {
          "description": "Client ID used to Backstage uses to identify when connecting to the Kafka cluster.",
          "type": "string"
        },
        "clusters": {
          "type": "array",
          "items": {
            "type": "object",
            "required": ["brokers", "name"],
            "properties": {
              "name": {
                "type": "string"
              },
              "brokers": {
                "description": "List of brokers in the Kafka cluster to connect to.",
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              "ssl": {
                "description": "Optional SSL connection parameters to connect to the cluster. Passed directly to Node tls.connect.\nSee https://nodejs.org/dist/latest-v8.x/docs/api/tls.html#tls_tls_createsecurecontext_options",
                "anyOf": [
                  {
                    "type": "object",
                    "properties": {
                      "ca": {
                        "type": "array",
                        "items": {
                          "type": "string"
                        }
                      },
                      "key": {
                        "visibility": "secret",
                        "type": "string"
                      },
                      "cert": {
                        "type": "string"
                      }
                    },
                    "required": ["ca", "cert", "key"]
                  },
                  {
                    "type": "boolean"
                  }
                ]
              },
              "sasl": {
                "description": "Optional SASL connection parameters.",
                "type": "object",
                "required": ["mechanism", "password", "username"],
                "properties": {
                  "mechanism": {
                    "enum": ["plain", "scram-sha-256", "scram-sha-512"],
                    "type": "string"
                  },
                  "username": {
                    "type": "string"
                  },
                  "password": {
                    "visibility": "secret",
                    "type": "string"
                  }
                }
              }
            }
          }
        }
      }
    },
    "rollbar": {
      "description": "Configuration options for the rollbar-backend plugin",
      "type": "object",
      "required": ["accountToken"],
      "properties": {
        "accountToken": {
          "description": "The authentication token for accessing the Rollbar API",
          "type": "string"
        },
        "organization": {
          "description": "The Rollbar organization name. This can be omitted by using the `rollbar.com/project-slug` annotation.",
          "visibility": "frontend",
          "type": "string"
        }
      }
    },
    "proxy": {
      "description": "A list of forwarding-proxies. Each key is a route to match,\nbelow the prefix that the proxy plugin is mounted on. It must\nstart with a '/'.",
      "type": "object",
      "additionalProperties": {
        "anyOf": [
          {
            "type": "object",
            "properties": {
              "target": {
                "description": "Target of the proxy. Url string to be parsed with the url module.",
                "type": "string"
              },
              "headers": {
                "description": "Object with extra headers to be added to target requests.",
                "type": "object",
                "additionalProperties": {
                  "type": "string"
                }
              },
              "changeOrigin": {
                "description": "Changes the origin of the host header to the target URL. Default: true.",
                "type": "boolean"
              },
              "pathRewrite": {
                "description": "Rewrite target's url path. Object-keys will be used as RegExp to match paths.\nIf pathRewrite is not specified, it is set to a single rewrite that removes the entire prefix and route.",
                "type": "object",
                "additionalProperties": {
                  "type": "string"
                }
              },
              "allowedMethods": {
                "description": "Limit the forwarded HTTP methods, for example allowedMethods: ['GET'] to enforce read-only access.",
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              "allowedHeaders": {
                "description": "Limit the forwarded HTTP methods. By default, only the headers that are considered safe for CORS\nand headers that are set by the proxy will be forwarded.",
                "type": "array",
                "items": {
                  "type": "string"
                }
              }
            },
            "required": ["target"]
          },
          {
            "type": "string"
          }
        ]
      }
    },
    "scaffolder": {
      "description": "Configuration options for the scaffolder plugin",
      "type": "object",
      "properties": {
        "github": {
          "type": "object",
          "additionalProperties": {
            "type": "string"
          },
          "properties": {
            "visibility": {
              "description": "The visibility to set on created repositories.",
              "enum": ["internal", "private", "public"],
              "type": "string"
            }
          }
        },
        "gitlab": {
          "type": "object",
          "required": ["api"],
          "properties": {
            "api": {
              "type": "object",
              "additionalProperties": {
                "type": "string"
              }
            },
            "visibility": {
              "description": "The visibility to set on created repositories.",
              "enum": ["internal", "private", "public"],
              "type": "string"
            }
          }
        },
        "azure": {
          "type": "object",
          "required": ["api", "baseUrl"],
          "properties": {
            "baseUrl": {
              "type": "string"
            },
            "api": {
              "type": "object",
              "additionalProperties": {
                "type": "string"
              }
            }
          }
        },
        "bitbucket": {
          "type": "object",
          "required": ["api"],
          "properties": {
            "api": {
              "type": "object",
              "additionalProperties": {
                "type": "string"
              }
            },
            "visibility": {
              "description": "The visibility to set on created repositories.",
              "enum": ["private", "public"],
              "type": "string"
            }
          }
        }
      }
    },
    "sonarQube": {
      "description": "Optional configurations for the SonarQube plugin",
      "type": "object",
      "required": ["baseUrl"],
      "properties": {
        "baseUrl": {
          "description": "The base url of the sonarqube installation. Defaults to https://sonarcloud.io.",
          "visibility": "frontend",
          "type": "string"
        }
      }
    },
    "sentry": {
      "description": "Configuration options for the sentry plugin",
      "type": "object",
      "required": ["organization"],
      "properties": {
        "organization": {
          "description": "The 'organization' attribute",
          "visibility": "frontend",
          "type": "string"
        }
      }
    },
    "techdocs": {
      "description": "Configuration options for the techdocs-backend plugin",
      "type": "object",
      "required": ["builder"],
      "properties": {
        "builder": {
          "description": "Documentation building process depends on the builder attr",
          "visibility": "frontend",
          "enum": ["external", "local"],
          "type": "string"
        },
        "generators": {
          "description": "Techdocs generator information",
          "type": "object",
          "required": ["techdocs"],
          "properties": {
            "techdocs": {
              "enum": ["docker", "local"],
              "type": "string"
            }
          }
        },
        "publisher": {
          "description": "Techdocs publisher information",
          "anyOf": [
            {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "enum": ["local"]
                }
              },
              "required": ["type"]
            },
            {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "enum": ["awsS3"]
                },
                "awsS3": {
                  "description": "Required when 'type' is set to awsS3",
                  "type": "object",
                  "required": ["bucketName"],
                  "properties": {
                    "credentials": {
                      "description": "(Optional) Credentials used to access a storage bucket.\nIf not set, environment variables or aws config file will be used to authenticate.",
                      "visibility": "secret",
                      "type": "object",
                      "required": ["accessKeyId", "secretAccessKey"],
                      "properties": {
                        "accessKeyId": {
                          "description": "User access key id",
                          "visibility": "secret",
                          "type": "string"
                        },
                        "secretAccessKey": {
                          "description": "User secret access key",
                          "visibility": "secret",
                          "type": "string"
                        },
                        "roleArn": {
                          "description": "ARN of role to be assumed",
                          "visibility": "backend",
                          "type": "string"
                        }
                      }
                    },
                    "bucketName": {
                      "description": "(Required) Cloud Storage Bucket Name",
                      "visibility": "backend",
                      "type": "string"
                    },
                    "region": {
                      "description": "(Optional) AWS Region.\nIf not set, AWS_REGION environment variable or aws config file will be used.",
                      "visibility": "secret",
                      "type": "string"
                    },
                    "endpoint": {
                      "description": "(Optional) AWS Endpoint.\nThe endpoint URI to send requests to. The default endpoint is built from the configured region.",
                      "visibility": "secret",
                      "type": "string"
                    }
                  }
                }
              },
              "required": ["type"]
            },
            {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "enum": ["openStackSwift"]
                },
                "openStackSwift": {
                  "description": "Required when 'type' is set to openStackSwift",
                  "type": "object",
                  "required": [
                    "authUrl",
                    "containerName",
                    "credentials",
                    "domainId",
                    "domainName",
                    "keystoneAuthVersion",
                    "region"
                  ],
                  "properties": {
                    "credentials": {
                      "description": "(Required) Credentials used to access a storage bucket.",
                      "visibility": "secret",
                      "type": "object",
                      "required": ["password", "username"],
                      "properties": {
                        "username": {
                          "description": "(Required) Root user name",
                          "visibility": "secret",
                          "type": "string"
                        },
                        "password": {
                          "description": "(Required) Root user password",
                          "visibility": "secret",
                          "type": "string"
                        }
                      }
                    },
                    "containerName": {
                      "description": "(Required) Cloud Storage Container Name",
                      "visibility": "backend",
                      "type": "string"
                    },
                    "authUrl": {
                      "description": "(Required) Auth url sometimes OpenStack uses different port check your OpenStack apis.",
                      "visibility": "backend",
                      "type": "string"
                    },
                    "keystoneAuthVersion": {
                      "description": "(Optional) Auth version\nIf not set, 'v2.0' will be used.",
                      "visibility": "backend",
                      "type": "string"
                    },
                    "domainId": {
                      "description": "(Required) Domain Id",
                      "visibility": "backend",
                      "type": "string"
                    },
                    "domainName": {
                      "description": "(Required) Domain Name",
                      "visibility": "backend",
                      "type": "string"
                    },
                    "region": {
                      "description": "(Required) Region",
                      "visibility": "backend",
                      "type": "string"
                    }
                  }
                }
              },
              "required": ["type"]
            },
            {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "enum": ["azureBlobStorage"]
                },
                "azureBlobStorage": {
                  "description": "Required when 'type' is set to azureBlobStorage",
                  "type": "object",
                  "required": ["containerName", "credentials"],
                  "properties": {
                    "credentials": {
                      "description": "(Required) Credentials used to access a storage container.",
                      "visibility": "secret",
                      "type": "object",
                      "required": ["accountName"],
                      "properties": {
                        "accountName": {
                          "description": "Account access name",
                          "visibility": "secret",
                          "type": "string"
                        },
                        "accountKey": {
                          "description": "(Optional) Account secret primary key\nIf not set, environment variables will be used to authenticate.",
                          "visibility": "secret",
                          "type": "string"
                        }
                      }
                    },
                    "containerName": {
                      "description": "(Required) Cloud Storage Container Name",
                      "visibility": "backend",
                      "type": "string"
                    }
                  }
                }
              },
              "required": ["type"]
            },
            {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "enum": ["googleGcs"]
                },
                "googleGcs": {
                  "description": "Required when 'type' is set to googleGcs",
                  "type": "object",
                  "required": ["bucketName"],
                  "properties": {
                    "bucketName": {
                      "description": "(Required) Cloud Storage Bucket Name",
                      "visibility": "backend",
                      "type": "string"
                    },
                    "credentials": {
                      "description": "(Optional) API key used to write to a storage bucket.\nIf not set, environment variables will be used to authenticate.",
                      "visibility": "secret",
                      "type": "string"
                    }
                  }
                }
              },
              "required": ["type"]
            }
          ]
        },
        "requestUrl": {
          "visibility": "frontend",
          "type": "string"
        },
        "storageUrl": {
          "type": "string"
        }
      }
    },
    "travisci": {
      "description": "Configuration options for the travisci plugin",
      "type": "object",
      "properties": {
        "baseUrl": {
          "description": "The 'baseUrl' attribute. It should point to the address of the travis portal.\nIf not provided, frontend plugin will use 'https://travis-ci.com/'",
          "visibility": "frontend",
          "type": "string"
        }
      }
    }
  },
  "description": "This is the schema describing the structure of the app-config.yaml configuration file."
}
